Allow to pass ImagePullSecrets to Kubernetes pods

This is currently only supported for the Openshift driver but it's quite useful (and needed)
for the Kubernetes driver as well. The implementation follows the same strategy as for the
OpenShift driver by allowing to set the  key to the Pod labels.

One caveat is that this exects the secret to exist in the namespace, therefore, some external
mechanism needs to take care of creating such secret there.

Change-Id: I976290e72cd59c335f6bef22e364a4d5c0a7b554
This commit is contained in:
Flavio Percoco 2023-03-01 09:27:55 +00:00
parent 0a858c4be8
commit 205d9f3b77
3 changed files with 20 additions and 1 deletions

View File

@ -224,6 +224,23 @@ Selecting the kubernetes driver adds the following options to the
that this field contains arbitrary key/value pairs and is
unrelated to the concept of labels in Nodepool.
.. attr:: image-pull-secrets
:default: []
:type: list
The imagePullSecrets needed to pull container images from a private
registry.
Example:
.. code-block:: yaml
labels:
- name: pod-fedora
image: docker.io/fedora:28
image-pull-secrets:
- name: registry-secret
.. attr:: python-path
:type: str
:default: auto

View File

@ -49,6 +49,7 @@ class KubernetesPool(ConfigPool):
pl.type = label['type']
pl.image = label.get('image')
pl.image_pull = label.get('image-pull', 'IfNotPresent')
pl.image_pull_secrets = label.get('image-pull-secrets', [])
pl.python_path = label.get('python-path', 'auto')
pl.shell_type = label.get('shell-type')
pl.cpu = label.get('cpu', self.default_label_cpu)

View File

@ -341,7 +341,8 @@ class KubernetesProvider(Provider, QuotaSupport):
container_body['resources'] = resources
spec_body = {
'containers': [container_body]
'containers': [container_body],
'imagePullSecrets': label.image_pull_secrets,
}
if label.node_selector: